X-Git-Url: http://andersk.mit.edu/gitweb/moira.git/blobdiff_plain/85330553eb619f783e0480dfc2bc467a9b4afd7b..0bd158c53f4f2fdfbcd9cbd1809644d1af87621d:/lib/mr_auth.c

diff --git a/lib/mr_auth.c b/lib/mr_auth.c
index c70cced5..5a222ad5 100644
--- a/lib/mr_auth.c
+++ b/lib/mr_auth.c
@@ -16,6 +16,10 @@
 #include <string.h>
 
 #include <krb.h>
+#include <krb5.h>
+
+krb5_context context = NULL;
+krb5_auth_context auth_con = NULL;
 
 RCSID("$Header$");
 
@@ -67,3 +71,87 @@ int mr_auth(char *prog)
 
   return status;
 }
+
+int mr_proxy(char *principal, char *orig_authtype)
+{
+  int status;
+  mr_params params, reply;
+  char *args[2];
+
+  params.u.mr_procno = MR_PROXY;
+  params.mr_argc = 2;
+  params.mr_argv = args;
+  params.mr_argv[0] = principal;
+  params.mr_argv[1] = orig_authtype;
+  params.mr_argl = NULL;
+
+  if ((status = mr_do_call(&params, &reply)) == MR_SUCCESS)
+    status = reply.u.mr_status;
+
+  mr_destroy_reply(reply);
+
+  return status;
+}
+
+int mr_krb5_auth(char *prog)
+{
+  mr_params params, reply;
+  char host[BUFSIZ], *p;
+  char *args[2];
+  int argl[2];
+  krb5_ccache ccache = NULL;
+  krb5_data auth;
+  krb5_error_code problem = 0;
+
+  CHECK_CONNECTED;
+
+  memset(&auth, 0, sizeof(auth));
+
+  if ((problem = mr_host(host, sizeof(host) - 1)))
+    return problem;
+
+  if (!context)
+    {
+      problem = krb5_init_context(&context);
+      if (problem)
+	goto out;
+    }
+
+  problem = krb5_auth_con_init(context, &auth_con);
+  if (problem)
+    goto out;
+
+  problem = krb5_cc_default(context, &ccache);
+  if (problem)
+    goto out;
+
+  problem = krb5_mk_req(context, &auth_con, NULL, MOIRA_SNAME, host, NULL, 
+		       ccache, &auth);
+  if (problem)
+    goto out;
+
+  params.u.mr_procno = MR_KRB5_AUTH;
+  params.mr_argc = 2;
+  params.mr_argv = args;
+  params.mr_argl = argl;
+  params.mr_argv[0] = (char *)auth.data;
+  params.mr_argl[0] = auth.length;
+  params.mr_argv[1] = prog;
+  params.mr_argl[1] = strlen(prog) + 1;
+
+  if ((problem = mr_do_call(&params, &reply)) == MR_SUCCESS)
+    problem = reply.u.mr_status;
+
+  mr_destroy_reply(reply);
+
+ out:
+  if (ccache)
+    krb5_cc_close(context, ccache);
+  krb5_free_data_contents(context, &auth);
+  if (auth_con)
+    krb5_auth_con_free(context, auth_con);
+  auth_con = NULL;
+
+  return problem;
+}
+